Sync from SUSE:SLFO:Main libcryptopp revision 284b3d928b7d2b25d19bf19a888ca2c9

libcryptopp-CVE-2024-28285.patch

@@ -0,0 +1,26 @@
+commit 2472be710f8518caab1f62999c50970b475f162f
+Author: Angel Yankov <angel.yankov@suse.com>
+Date:   Wed May 28 16:17:10 2025 +0300
+
+    Fix ElGamal side channel issue
+
+diff --git a/pubkey.h b/pubkey.h
+index 31e00a33..b12ef458 100644
+--- a/pubkey.h
++++ b/pubkey.h
+@@ -1854,8 +1854,13 @@ public:
+ 
+ 			SecByteBlock derivedKey(encAlg.GetSymmetricKeyLength(encAlg.GetMaxSymmetricPlaintextLength(ciphertextLength)));
+ 			derivAlg.Derive(params, derivedKey, derivedKey.size(), z, q, parameters);
+-
+-			return encAlg.SymmetricDecrypt(derivedKey, ciphertext, ciphertextLength, plaintext, parameters);
++			DecodingResult res =  encAlg.SymmetricDecrypt(derivedKey, ciphertext, ciphertextLength, plaintext, parameters);
++			Element z2 = agreeAlg.AgreeWithStaticPrivateKey(params, q, true, key.GetPrivateExponent());
++			if (z == z2) {
++			} else {
++				return DecodingResult();
++			}
++			return res;
+ 		}
+ 		catch (DL_BadElement &)
+ 		{

libcryptopp.changes

@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Thu May 29 10:56:35 UTC 2025 - Angel Yankov <angel.yankov@suse.com>
+
+- Security fix [bsc#1224280, CVE-2024-28285]
+  * potential leak of secret key of ElGamal encryption via fault injection 
+  * Added patch libcryptopp-CVE-2024-28285.patch
+  * https://github.com/weidai11/cryptopp/issues/1262 
+
+-------------------------------------------------------------------
+Mon Feb  3 09:09:55 UTC 2025 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Rename patch to patchlevel to avoid confusion on check and avoid:
+  line 75: Patch number not specified: patch
+
 -------------------------------------------------------------------
 Thu Jan  4 09:29:41 UTC 2024 - pgajdos@suse.com
 

libcryptopp.spec

@@ -18,20 +18,20 @@
 
 %define major 8
 %define minor 9
-%define patch 0
-%define pkg_version %{major}%{minor}%patch
+%define patchlevel 0
+%define pkg_version %{major}%{minor}%{patchlevel}
 # There is no upstream interface version information.
 # Therefore we need unique basenames (see boo#1027192):
-%define sover %{major}_%{minor}_%patch
+%define sover %{major}_%{minor}_%{patchlevel}
 Name:           libcryptopp
 # WARNING: Execute "sh precheckin_baselibs.sh" to update baselibs.conf
 # WARNING: uses source tarball name to create lib name.
-Version:        %{major}.%{minor}.%patch
+Version:        %{major}.%{minor}.%{patchlevel}
 Release:        0
 Summary:        Cryptographic library for C++
 License:        BSL-1.0
 URL:            https://www.cryptopp.com
-Source:         https://github.com/weidai11/cryptopp/archive/CRYPTOPP_%{major}_%{minor}_%patch.tar.gz
+Source:         https://github.com/weidai11/cryptopp/archive/CRYPTOPP_%{major}_%{minor}_%{patchlevel}.tar.gz
 Source1:        precheckin_baselibs.sh
 Source2:        baselibs.conf
 # PATCH-FEATURE-OPENSUSE libcryptopp-shared.patch -- improve shared library creation
@@ -40,6 +40,8 @@ Patch1:         libcryptopp-shared.patch
 Patch2:         libcryptopp-CVE-2023-50980.patch
 # CVE-2023-50981 [bsc#1218222], issue on ModularSquareRoot function leads to potential DoS
 Patch3:         libcryptopp-CVE-2023-50981.patch
+# PATCH-FIX-SUSE: [bsc#1224280] CVE-2024-28285 potential leak of secret key of ElGamal encryption via fault injection 
+Patch4:		libcryptopp-CVE-2024-28285.patch
 BuildRequires:  dos2unix
 BuildRequires:  gcc-c++
 BuildRequires:  pkgconfig
@@ -72,7 +74,7 @@ codes, hash functions, PKI crypto, key agreement schemes and elliptic
 curve crypto. This package is used for crypto++ development.
 
 %prep
-%autosetup -p1 -n "cryptopp-CRYPTOPP_%{major}_%{minor}_%patch"
+%autosetup -p1 -n "cryptopp-CRYPTOPP_%{major}_%{minor}_%{patchlevel}"
 
 %build
 %ifarch %{arm} i586